<?php
session_start();
$formid = isset($_SESSION['formid']) ? $_SESSION['formid'] : "";
if ($formid != $_POST['formid']) {
	echo "E00001!! SESSION ERROR RETRY AGAINT.";
} else {
	unset($_SESSION['formid']);
	if ($_POST) {
		require 'connect.php';
		
		
		$status = mysql_real_escape_string($_POST['status']);
		$MemID = mysql_real_escape_string($_POST['MemID']);
		
		$meSql = "INSERT INTO reserve (ReserveDate,Status,MemID) VALUES (now(),'{$status}','{$MemID}') ";
		$meQeury = mysql_query($meSql);
		if ($meQeury) {
			$ReserveID = mysql_insert_id();
			for ($i = 0; $i < count($_POST['qty']); $i++) {
				$order_detail_quantity = mysql_real_escape_string($_POST['qty'][$i]);
				$order_detail_price = mysql_real_escape_string($_POST['book_price'][$i]);
				$book_id = mysql_real_escape_string($_POST['book_id'][$i]);
				$lineSql = "INSERT INTO detailreserve(order_detail_quantity, order_detail_price, book_code,ReserveID) ";
				$lineSql .= "VALUES (";
				$lineSql .= "'{$order_detail_quantity}',";
				$lineSql .= "'{$order_detail_price}',";
				$lineSql .= "'{$book_id}',";
				$lineSql .= "'{$ReserveID}'";
				
				$lineSql .= ") ";
			mysql_query($lineSql);

			 }
			
			mysql_close();
			unset($_SESSION['cart']);
			unset($_SESSION['qty']);
			header('location:index.php?a=order');
		}else{
			mysql_close();
			header('location:index.php?a=orderfail');
		}
	}
}
?>